feat(core): Allow specifying Content-Security-Policy-Report-Only (#15805)

2025-12-17 01:56:46 +00:00 · 2025-05-29 09:26:24 +03:00
parent e860dd6d2e
commit c12784600f
3 changed files with 9 additions and 0 deletions
--- a/packages/@n8n/config/src/configs/security.config.ts
+++ b/packages/@n8n/config/src/configs/security.config.ts
@@ -32,4 +32,10 @@ export class SecurityConfig {
 	// TODO: create a new type that parses and validates this string into a strongly-typed object
 	@Env('N8N_CONTENT_SECURITY_POLICY')
 	contentSecurityPolicy: string = '{}';
+
+	/**
+	 * Whether to set the `Content-Security-Policy-Report-Only` header instead of `Content-Security-Policy`.
+	 */
+	@Env('N8N_CONTENT_SECURITY_POLICY_REPORT_ONLY')
+	contentSecurityPolicyReportOnly: boolean = false;
 }
--- a/packages/@n8n/config/test/config.test.ts
+++ b/packages/@n8n/config/test/config.test.ts
@@ -272,6 +272,7 @@ describe('GlobalConfig', () => {
 			blockFileAccessToN8nFiles: true,
 			daysAbandonedWorkflow: 90,
 			contentSecurityPolicy: '{}',
+			contentSecurityPolicyReportOnly: false,
 		},
 		executions: {
 			pruneData: true,